Win32:Alureon-AXW trojan and Win32:Malware-gen

OK. Both mini dumps are complaining about tcpip.sys so let's go back to an earlier version and see if it works better:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_112c2bd61be1dd22\tcpip.sys | C:\Windows\SysNative\drivers\tcpip.sys

******************************************

Everything fron the C:\ on should be on the same line.

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

If and Only If After a reboot if you can't get on line try running

Copy the next line:

sfc.exe /scanfile=C:\Windows\SysNative\drivers\tcpip.sys

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window. Reboot.

Ron

ComboFix 13-01-23.01 - Jeannene 01/23/2013 15:29:58.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2162 [GMT -6:00]
Running from: c:\users\Jeannene\Desktop\ComboFix.exe
Command switches used :: c:\users\Jeannene\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_112c2bd61be1dd22\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 21:40 . 2013-01-23 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 21:47 . 2013-01-23 01:03 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-01-22 21:06 . 2013-01-22 21:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-22 21:06 . 2013-01-22 21:05 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-22 20:35 . 2013-01-15 08:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{995474B3-286C-4645-9E2A-0C0A853BE905}\mpengine.dll
2013-01-22 20:26 . 2013-01-22 20:27 -------- d-----w- c:\program files (x86)\7-Zip
2013-01-22 20:25 . 2013-01-22 20:24 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-22 20:23 . 2013-01-22 20:23 -------- d-----w- c:\programdata\McAfee
2013-01-21 22:40 . 2013-01-21 22:40 -------- d-----w- c:\program files\IDT
2013-01-20 22:27 . 2013-01-20 22:27 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-20 19:41 . 2009-01-20 14:39 473088 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2013-01-20 19:41 . 2009-01-20 14:38 430592 ----a-w- c:\windows\system32\stcplx64.dll
2013-01-20 19:41 . 2009-01-20 14:38 532480 ----a-w- c:\windows\system32\stapi64.dll
2013-01-20 01:24 . 2013-01-20 01:24 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2013-01-20 01:11 . 2013-01-23 00:33 -------- d-----w- c:\program files (x86)\SpeedFan
2013-01-19 04:34 . 2013-01-19 04:34 -------- d-----w- c:\users\Jeannene\AppData\Local\Macromedia
2013-01-19 03:41 . 2013-01-19 03:41 -------- d-----w- c:\program files (x86)\NirSoft
2013-01-19 03:30 . 2013-01-19 03:30 -------- d-----w- C:\backupres
2013-01-18 23:45 . 2013-01-18 23:45 -------- d-----w- c:\users\Jeannene\AppData\Roaming\Malwarebytes
2013-01-18 23:44 . 2013-01-18 23:44 -------- d-----w- c:\programdata\Malwarebytes
2013-01-18 23:44 . 2013-01-18 23:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-18 23:44 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-18 21:28 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-18 21:28 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-18 21:27 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-18 21:27 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-18 21:27 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-18 21:27 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-18 21:27 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-18 21:08 . 2013-01-18 21:08 -------- d-----w- C:\_OTL
2013-01-17 01:20 . 2013-01-17 01:20 -------- d-----w- c:\program files (x86)\EMET
2013-01-13 22:33 . 2013-01-13 22:33 -------- d-----w- c:\users\Jeannene\AppData\Roaming\SUPERAntiSpyware.com
2013-01-13 22:33 . 2013-01-13 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-13 18:06 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-13 18:06 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-13 18:06 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-13 18:06 . 2012-10-30 23:51 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-13 18:06 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-13 18:06 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-13 18:06 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-13 18:06 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-13 18:06 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-13 18:05 . 2013-01-13 18:05 -------- d-----w- c:\programdata\AVAST Software
2013-01-13 18:05 . 2013-01-13 18:05 -------- d-----w- c:\program files\AVAST Software
2013-01-12 03:33 . 2013-01-12 03:33 -------- d-----w- c:\users\Jeannene\AppData\Local\MFAData
2013-01-12 03:33 . 2013-01-12 03:33 -------- d-----w- c:\users\Jeannene\AppData\Local\Avg2013
2012-12-27 12:21 . 2013-01-19 04:15 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-27 12:21 . 2012-12-27 12:21 -------- d-----w- c:\windows\system32\Macromed
2012-12-26 02:06 . 2012-12-26 02:06 -------- d-----w- c:\programdata\Browser Manager
2012-12-25 23:42 . 2012-06-27 19:26 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-12-25 23:39 . 2013-01-18 21:08 -------- d-----w- c:\programdata\Wincert
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 21:05 . 2010-04-24 03:56 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-19 09:02 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2013-01-19 04:15 . 2011-11-20 15:16 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 13:31 . 2012-12-21 09:00 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-21 09:00 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-21 09:00 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-11-14 07:06 . 2012-12-13 09:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:02 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:02 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:02 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 12:43 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 12:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 10:45 . 2012-12-12 12:43 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 12:43 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 12:43 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 12:43 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 12:43 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-02-11 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 04:15]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000Core.job
- c:\users\Jeannene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 16:52]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000UA.job
- c:\users\Jeannene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 16:52]
.
2009-08-24 c:\windows\Tasks\HPCeeScheduleForAdministrator.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-06-01 01:17]
.
2013-01-19 c:\windows\Tasks\HPCeeScheduleForJeannene.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-06-01 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 200216]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-12-19 247808]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpage.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: amazon.com\payments
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\08rni8zm.default\
FF - ExtSQL: 2013-01-13 17:45; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-ICDL Book Reader - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-23 15:42:51
ComboFix-quarantined-files.txt 2013-01-23 21:42
.
Pre-Run: 164,206,288,896 bytes free
Post-Run: 164,159,885,312 bytes free
.
- - End Of File - - CB5ED6043D12D038F7FC792FEBC84171

#61
RKinner

Posted 22 January 2013 - 04:35 PM

Advertisements

#62
beejee

Posted 22 January 2013 - 05:20 PM

#63
beejee

Posted 22 January 2013 - 05:25 PM

#64
RKinner

Posted 22 January 2013 - 06:48 PM

#65
beejee

Posted 22 January 2013 - 07:26 PM

#66
RKinner

Posted 22 January 2013 - 08:56 PM

#67
beejee

Posted 23 January 2013 - 04:05 PM

#68
RKinner

Posted 23 January 2013 - 04:08 PM

#69
beejee

Posted 23 January 2013 - 05:15 PM

#70
RKinner

Posted 23 January 2013 - 07:21 PM

Advertisements

#71
beejee

Posted 23 January 2013 - 08:22 PM

#72
RKinner

Posted 23 January 2013 - 08:34 PM

#73
beejee

Posted 24 January 2013 - 02:35 PM

#74
RKinner

Posted 24 January 2013 - 03:31 PM

#75
beejee

Posted 08 February 2013 - 03:18 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Win32:Alureon-AXW trojan and Win32:Malware-gen

#61 RKinner Posted 22 January 2013 - 04:35 PM

Advertisements

#62 beejee Posted 22 January 2013 - 05:20 PM

#63 beejee Posted 22 January 2013 - 05:25 PM

#64 RKinner Posted 22 January 2013 - 06:48 PM

#65 beejee Posted 22 January 2013 - 07:26 PM

#66 RKinner Posted 22 January 2013 - 08:56 PM

#67 beejee Posted 23 January 2013 - 04:05 PM

#68 RKinner Posted 23 January 2013 - 04:08 PM

#69 beejee Posted 23 January 2013 - 05:15 PM

#70 RKinner Posted 23 January 2013 - 07:21 PM

Advertisements

#71 beejee Posted 23 January 2013 - 08:22 PM

#72 RKinner Posted 23 January 2013 - 08:34 PM

#73 beejee Posted 24 January 2013 - 02:35 PM

#74 RKinner Posted 24 January 2013 - 03:31 PM

#75 beejee Posted 08 February 2013 - 03:18 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#61
RKinner

Posted 22 January 2013 - 04:35 PM

#62
beejee

Posted 22 January 2013 - 05:20 PM

#63
beejee

Posted 22 January 2013 - 05:25 PM

#64
RKinner

Posted 22 January 2013 - 06:48 PM

#65
beejee

Posted 22 January 2013 - 07:26 PM

#66
RKinner

Posted 22 January 2013 - 08:56 PM

#67
beejee

Posted 23 January 2013 - 04:05 PM

#68
RKinner

Posted 23 January 2013 - 04:08 PM

#69
beejee

Posted 23 January 2013 - 05:15 PM

#70
RKinner

Posted 23 January 2013 - 07:21 PM

#71
beejee

Posted 23 January 2013 - 08:22 PM

#72
RKinner

Posted 23 January 2013 - 08:34 PM

#73
beejee

Posted 24 January 2013 - 02:35 PM

#74
RKinner

Posted 24 January 2013 - 03:31 PM

#75
beejee

Posted 08 February 2013 - 03:18 PM